- Journalbeat Reference for 6.5-7.15:
- Journalbeat overview
- Quick start: installation and configuration
- Set up and run
- Configure
- Inputs
- General settings
- Project paths
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_csv_fields
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- rate_limit
- registered_domain
- rename
- script
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- HTTP endpoint
- Regular expression support
- Instrumentation
- journalbeat.reference.yml
- How to guides
- Exported fields
- Monitor
- Secure
- Troubleshoot
- Get help
- Debug
- Common problems
- Journalbeat uses too much bandwidth
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- Publishing to Logstash fails with "connection reset by peer" message
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
Change the index name
editChange the index name
editIf you’re sending events to a cluster that supports index lifecycle management, you need to change the index name in the ILM policy. See Index lifecycle management (ILM) to learn how to change it.
Journalbeat uses time series indices, by default, when index lifecycle
management is disabled or unsupported. The indices are named
journalbeat-7.15.2-yyyy.MM.dd
, where yyyy.MM.dd
is the date when the
events were indexed. To use a different name, set the
index
option in the Elasticsearch output. The value that
you specify should include the root name of the index plus version and date
information. You also need to configure the setup.template.name
and
setup.template.pattern
options to match the new name. For example:
output.elasticsearch.index: "customname-%{[agent.version]}-%{+yyyy.MM.dd}" setup.template.name: "customname" setup.template.pattern: "customname-*"
If index lifecycle management is enabled (which is typically the default), setup.template.name
and setup.template.pattern
are ignored.
For a full list of template setup options, see Elasticsearch index template.
Remember to change the index name when you load dashboards via the Kibana UI.
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now